State Farm ISA Training Exam Questions and Answers

State Farm ISA Training Exam Questions and Answers Never request cardholder data by email. If you recieve an email with credit/debit card data: - Answer-- Do not respond to or foward original email, start a new email when responding - Do not use the credit/debit card to make a payment, email is not an authorized payment accepting system and does not comply with PCI DSS - Contact customer and let them know the playment is not acceptable through email, but can be made over the phone , online, or at agent's office - Make sure customer is aware that sendinf card data through email or text is not safe - Completely delete the email SPI requires special handling because it is info that could lead to fraud or identity theft - Answer-- SPI stored in locations such as SharePoint, network drives, etc must be managed, stores, and properly secured in compliance with EISP 60.20 Protecting Information Based on the Information Security Classification - SPI must never be transferred/copied to State Farm-issued portable electronic storage media (CD, DVD, etc) unless there is an approved business case, then it must be removed when no longer needed - SPI should never be entered in fields such as remarks or comments, unless specifcally designed for SPI - Do not include SPI in text - To prevent customers from viewing information that is not their own, it is important to correctly enter and update name, address, DOB, SSN, etc across all systems Truncation - Answer-Permanently remove segment of the data (SSN last four digits is 1234) Masking - Answer-Keep the structure, but make only the last 4 viewable (SSN XXX-XX-1234) Encryption - Answer-Use [Encrypt] in the subject line when the number and structure must remain intact Data Loss Protection (DLP) - Answer-Controls in place to help identify SPI being sent outside of the company, when attempting to send SPI outside of SF, you may recieve a notification with required actions and info on how to protect company data Email Best Practices - Answer-- Before clicking send, forward, or reply, verify that everyone in the To, Cc, and Bcc fields has a need to know information you are providing. Take extra caution if these fields include distribution lists - If you receive a pop-up indicating recipients are external associates or out of network, verify they have a business need to know - When appropriate mark messages as confidential or private - Do not use Reply All if everyone does not need the information. It should be used sparingly and in most cases a reply to only the sender is sufficient